#ifndef _REMOTEPS_INTERCEPT_HPP_ #define _REMOTEPS_INTERCEPT_HPP_ #ifndef _COMMON_WINDOWS_HPP_ #include #endif #ifndef _COMMON_VERSIONINFO_HPP_ #include #endif #ifndef _COMMON_BLOCK_HPP_ #include #endif #ifndef _COMMON_QUICKSORT_HPP_ #include #endif #ifndef _COMMON_BINARYSEARCH_HPP_ #include #endif #ifndef _COMMON_ARRAY_HPP_ #include #endif #ifndef _IMAGE_PUREIMPORT_HPP_ #include #endif template class BinaryTree; class Intercept : public Array { public: Intercept(void); ~Intercept(); WORD performIntercept(Array &pureImports,DWORD baseAddress); private: void loadImportDescriptors(Array &pureImports); void loadImportModuleNames(void); void moduleEntryPoints(void); void resolveImportNames(Array &pureImport); WORD importEntryPoint(PureImport &pureImport); DWORD baseAddress(void)const; WORD isWIN95Thunk(DWORD baseAddress); void loadImportModuleNamesEx(void); void loadImportModuleNames(Block &importModuleNames,DWORD baseAddress); BOOL isInModuleNames(const String &strModuleName,Block &strModuleNames); void entryPoints(BinaryTree &pureImports,DWORD baseAddress); DWORD mBaseAddress; Block mImportModuleNames; WinVersionInfo mVersionInfo; }; inline Intercept::Intercept(void) { } inline Intercept::~Intercept() { } inline DWORD Intercept::baseAddress(void)const { return mBaseAddress; } inline WORD Intercept::isWIN95Thunk(DWORD baseAddress) { if(*((BYTE*)baseAddress)==0x68&&*(((BYTE*)baseAddress)+5)==0xE9)return TRUE; return FALSE; } #endif